#VU17846 Input validation error in Firepower 9000 Series


Published: 2019-02-22

Vulnerability identifier: #VU17846

Vulnerability risk: Medium

CVSSv3.1: 5.3 [CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-1700

CWE-ID: CWE-20

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
Firepower 9000 Series
Hardware solutions / Firmware

Vendor: Cisco Systems, Inc

Description

The vulnerability allows an adjacent attacker to perform a denial of service (DoS) attack.

The vulnerability exists in the field-programmable gate array (FPGA) ingress buffer management, due to a logic error in the FPGA related to the processing of different types of input packets. An adjacent attacker can send a specially crafted sequence of input packets to a specific interface on an affected device, causing a queue wedge condition on that interface; the affected device then stops processing any additional packets received on the wedged interface.

Mitigation
Install updates from the vendor's website.

Vulnerable software versions

Firepower 9000 Series: 2.2.200.8


External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190220-firpwr-dos


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).

Is there known malware which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.
